THE STEGANOGRAPHY ANALYZER ARTIFACT SCANNER (STEGALYZERAS) IS A DIGITAL FORENSIC ANALYSIS TOOL DESIGNED TO EXTEND THE SCOPE OF TRADITIONAL DIGITAL FORENSIC EXAMINATIONS BY ALLOWING THE EXAMINER TO SCAN SUSPECT MEDIA, OR FORENSIC IMAGES OF SUSPECT MEDIA, FOR KNOWN ARTIFACTS OF STEGANOGRAPHY APPLICATIONS.
RESIDUAL ARTIFACTS MAY BE IDENTIFIED BY SCANNING THE FILE SYSTEM AS WELL AS THE REGISTRY ON A MICROSOFT WINDOWS® SYSTEM. STEGALYZERAS ALLOWS FOR THE SEARCH OF FILES BY USING CRC-32, MD5, SHA-1, SHA-224, SHA-256, SHA-384, AND SHA-512 HASH VALUES STORED IN THE STEGANOGRAPHY APPLICATION FINGERPRINT DATABASE (SAFDB) AND REGISTRY ENTRIES STORED IN THE REGISTRY ARTIFACT KEY DATABASE (RAKDB) DISTRIBUTED WITH STEGALYZERAS.

THE STEGANOGRAPHY ANALYZER SIGNATURE SCANNER (STEGALYZERSS) IS A DIGITAL FORENSIC ANALYSIS TOOL DESIGNED TO EXTEND THE SCOPE OF TRADITIONAL DIGITAL FORENSIC EXAMINATIONS BY ALLOWING THE EXAMINER TO SCAN FILES ON SUSPECT MEDIA, OR FORENSIC IMAGES OF SUSPECT MEDIA, FOR UNIQUE HEXADECIMAL BYTE PATTERNS, OR KNOWN SIGNATURES, LEFT INSIDE FILES WHEN PARTICULAR STEGANOGRAPHY APPLICATIONS ARE USED TO EMBED HIDDEN INFORMATION WITHIN THEM.
STEGALYZERSS EXTENDS THE SIGNATURE SCANNING CAPABILITY BY ALSO ALLOWING THE EXAMINER TO USE OTHER TECHNIQUES FOR DETECTING WHETHER INFORMATION MAY HAVE BEEN APPENDED TO, OR HIDDEN WITHIN, POTENTIAL CARRIER FILES. STEGALYZERSS HAS BEEN FOUND TO BE EFFECTIVE IN IDENTIFYING FILES THAT CONTAIN HIDDEN STEGANOGRAPHIC DATA BY THE DEFENSE CYBER CRIME INSTITUTE (DCCI) AND THE CYBERSCIENCE LABORATORY (CSL).

AUTOMATED SCANNING OF AN ENTIRE FILE SYSTEM, INDIVIDUAL DIRECTORIES, OR INDIVIDUAL FILES ON SUSPECT MEDIA FOR THE PRESENCE OF KNOWN SIGNATURES OF PARTICULAR STEGANOGRAPHY APPLICATIONS

IDENTIFY FILES THAT HAVE INFORMATION APPENDED BEYOND THE FILE'S END-OF-FILE MARKER WITH THE APPEND ANALYSIS FEATURE AND ANALYZE THE FILES IN A HEX EDITOR VIEW TO DETERMINE THE NATURE OF THE HIDDEN INFORMATION

IDENTIFY FILES THAT HAVE INFORMATION EMBEDDED USING LEAST SIGNIFICANT BIT (LSB) IMAGE ENCODING WITH THE LSB ANALYSIS FEATURE AND EXTRACT AND REARRANGE THE LSBS FOR ANALYSIS IN A HEX EDITOR VIEW TO DETERMINE IF INFORMATION HAS BEEN HIDDEN WITHIN THE FILE

STEGDETECT IS AN AUTOMATED TOOL FOR DETECTING STEGANOGRAPHIC CONTENT IN IMAGES. IT IS CAPABLE OF DETECTING SEVERAL DIFFERENT STEGANOGRAPHIC METHODS USED TO EMBED HIDDEN INFORMATION IN JPEG IMAGES.
CURRENTLY, THE DETECTABLE SCHEMES ARE:

JSTEG,

JPHIDE (UNIX AND WINDOWS),

INVISIBLE SECRETS,

OUTGUESS 0.13B,

F5 (HEADER ANALYSIS),

APPENDX AND CAMOUFLAGE.

STEGBREAK IS USED TO LAUNCH DICTIONARY ATTACKS AGAINST JSTEG-SHELL, JPHIDE AND OUTGUESS 0.13B.

STEGHIDE IS A STEGANOGRAPHY PROGRAM THAT IS ABLE TO HIDE DATA IN VARIOUS KINDS OF IMAGE AND AUDIO FILES. THE COLOR FREQUENCIES (FOR IMAGES) AND SAMPLE FREQUENCIES (FOR AUDIO) ARE NOT CHANGED, WHICH MAKES THE EMBEDDING RESISTANT TO FIRST-ORDER STATISTICAL TESTS.

OUTGUESS IS A UNIVERSAL STEGANOGRAPHIC TOOL THAT ALLOWS THE INSERTION OF HIDDEN INFORMATION INTO THE REDUNDANT BITS OF DATA SOURCES. THE NATURE OF THE DATA SOURCE IS IRRELEVANT TO THE CORE OF OUTGUESS. THE PROGRAM RELIES ON DATA-SPECIFIC HANDLERS THAT EXTRACT REDUNDANT BITS AND WRITE THEM BACK AFTER MODIFICATION. IN THIS VERSION THE PNM AND JPEG IMAGE FORMATS ARE SUPPORTED. IN THE NEXT PARAGRAPHS, IMAGES WILL BE USED AS A CONCRETE EXAMPLE OF DATA OBJECTS, THOUGH OUTGUESS CAN USE ANY KIND OF DATA, AS LONG AS A HANDLER IS PROVIDED.